Journal ArticleDOI

Optimal Filter Assignment Policy Against Distributed Denial-of-Service Attack

TLDR
This paper proposes a DDoS attack protection system that uses filter routers and formulates two problems, with different settings, for selecting filter routers given a constraint on the number of filters; both problems consider the blockage of all attack traffic before it reaches the victim.
Abstract
A distributed denial-of-service (DDoS) attack is a cyber-attack in which attackers from different locations send out a huge number of requests to exhaust the capacity of a server. Current DDoS attack protection services filter out the DDoS attack packets in the middle of the path from the attacker to the servers. Some DDoS protection systems filter them out at the victim server. As a result, unnecessary attack traffic congests the network and wastes bandwidth, which can be minimized if we block it as early as possible. In this paper, we propose a DDoS attack protection system that uses filter routers. The victim needs to wisely select and send filters to a subset of filter routers to minimize attack traffic and blockage of legitimate users (LUs). Using many filters can easily minimize the attack traffic and blockage of LUs, but it is costly to the victim. So, we formulate two problems with different settings for selecting filter routers given a constraint on the number of filters. We propose a dynamic programming solution for both problems. Both problems consider the blockage of all attack traffic before it reaches the victim. We conduct extensive simulations to support our solutions.


Citations
Journal ArticleDOI

ADVICE: Towards adaptive scheduling for data collection and DDoS detection in SDN

TL;DR: Experimental results indicate that ADVICE can effectively minimize the controller's workload, optimize the usage of the limited switch-controller connection bandwidth, and shorten the response time to DDoS attacks compared with state-of-the-art methods, and thus protect the network from various DDoS attacks.
Journal ArticleDOI

Secure Control Design for Networked Control Systems With Nonlinear Dynamics Under Time-Delay-Switch Attacks

TL;DR: In this article, a continuous controller is developed for a centralized networked control system (NCS), which is composed of agents with nonlinear dynamics subject to a time-delay switch (TDS) attack and additive disturbances.
Journal ArticleDOI

Forensik Jaringan DDoS menggunakan Metode ADDIE dan HIDS pada Sistem Operasi Proprietary

TL;DR: In this article, the research method applies ADDIE (Analyze, Design, Develop, Implement and Evaluate) and the host-based intrusion detection system (HIDS) Snort to simulations of local and wide area networks.
References
Journal ArticleDOI

Multivariate statistical analysis of audit trails for host-based intrusion detection

TL;DR: This study investigates a multivariate quality control technique to detect intrusions by building a long-term profile of normal activities in information systems (norm profile) and using the norm profile to detect anomalies.
Journal ArticleDOI

A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis

TL;DR: This paper presents a DoS attack detection system that uses multivariate correlation analysis (MCA) for accurate network traffic characterization, extracting the geometrical correlations between network traffic features and learning the patterns of legitimate network traffic only.
Journal ArticleDOI

Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment

TL;DR: This work discusses various essential features of SDN that make it a suitable networking technology for cloud computing, and proposes a novel flow-table sharing approach to protect the SDN-based cloud from flow-table overloading DDoS attacks.
Journal ArticleDOI

Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment

TL;DR: This paper provides a better understanding of the DDoS attack problem in the Cloud computing environment, the current solution space, and the future research scope for dealing with such attacks efficiently.
Journal ArticleDOI

Realtime DDoS Defense Using COTS SDN Switches via Adaptive Correlation Analysis

TL;DR: RADAR is a practical system to defend against a wide range of flooding-based DDoS attacks, e.g., link flooding (including Crossfire), SYN flooding, and UDP-based amplification attacks, while requiring neither modifications in SDN switches/protocols nor extra appliances.